npm postinstall and preinstall scripts pose a potential attack vector…
…. We previously disabled their use in our repo, but I enabled them so we could use patch-package, to alter Picker for consumption in our repo. All changes have landed upstream, so we shouldn't need to do this anymore. (#9061)

Remove the picker patches, patch-package usage, and disable running bin scripts.
NickGerleman authored Nov 5, 2021
1 parent 34591d1 commit e5e33e5
Showing 7 changed files with 30 additions and 298 deletions.
2 changes: 1 addition & 1 deletion .yarnrc.yml
@@ -1 +1 @@
enableScripts: true
enableScripts: false
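Review bot: This setting is security-relevant but has no comment saying so, and the commit description shows it was already flipped once to make patch-package work. Taking `enableScripts: false` as the new side (the description says scripts are being disabled), I would add a comment above it such as `# Dependency install scripts (preinstall/postinstall) are a supply-chain risk; keep this off and opt single packages in via dependenciesMeta "built" instead.` A CI step that fails when this value is not `false` would catch a silent regression the next time someone needs a patch tool.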
5 changes: 1 addition & 4 deletions package.json
@@ -11,7 +11,6 @@
"doc": "doxysaurus --config vnext/doxysaurus.json",
"format": "format-files -i -style=file -assume-filename=../.clang-format",
"format:verify": "format-files -i -style=file -verify",
"postinstall": "patch-package",
"test": "lage test --verbose -- --color",
"validate-overrides": "react-native-platform-override validate --color"
},
@@ -35,9 +34,7 @@
"beachball": "^2.20.0",
"husky": "^4.2.5",
"unbroken": "1.0.27",
"lage": "^0.29.3",
"patch-package": "^6.4.7",
"postinstall-postinstall": "^2.1.0"
"lage": "^0.29.3"
},
"resolutions": {
"kind-of": "6.0.3",
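Review bot: `"husky": "^4.2.5"` stays in the dependency list of the second hunk, and husky 4 sets up its git hooks from its own install script, so with dependency scripts turned off in `.yarnrc.yml` the hooks are probably not installed on a fresh clone. If the hooks are relied on for pre-commit checks, opt that one package in rather than re-enabling scripts globally, for example `"dependenciesMeta": { "husky": { "built": true } }` in this file, and confirm the behaviour against the Yarn version the repo pins. If the hooks are intentionally unused, dropping husky would shrink the set of packages that carry install scripts at all. The enclosing dependency object starts outside the hunk, so other packages with install scripts may be affected in the same way.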
2 changes: 1 addition & 1 deletion packages/@react-native-windows/tester/package.json
@@ -14,7 +14,7 @@
"@react-native/tester": "0.0.1"
},
"peerDependencies": {
"@react-native-picker/picker": "2.1.0",
"@react-native-picker/picker": "2.2.0",
"react": "17.0.2",
"react-native": "0.0.0-20211021-2008-eccbf9b5c",
"react-native-windows": "^0.0.0-canary.413"
2 changes: 1 addition & 1 deletion packages/e2e-test-app/package.json
@@ -11,7 +11,7 @@
"e2etest": "jest --color"
},
"dependencies": {
"@react-native-picker/picker": "2.1.0",
"@react-native-picker/picker": "2.2.0",
"@react-native-windows/automation-channel": "^0.0.24",
"@react-native-windows/tester": "0.0.1",
"react": "17.0.2",
2 changes: 1 addition & 1 deletion packages/playground/package.json
@@ -10,7 +10,7 @@
"windows": "react-native run-windows"
},
"dependencies": {
"@react-native-picker/picker": "2.1.0",
"@react-native-picker/picker": "2.2.0",
"@react-native-windows/tester": "0.0.1",
"react": "17.0.2",
"react-native": "0.0.0-20211021-2008-eccbf9b5c",
139 changes: 0 additions & 139 deletions patches/@react-native-picker+picker+2.1.0.patch

This file was deleted.
